X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=inc%2Fmodules%2Fadmin%2Fadmin-inc.php;h=b7537c8b604212d74f8b9bc9236c88aa6f78b9d0;hb=76740e48546bb3fdb9fca65d8d205765f2bd4d68;hp=7817289f93aff946bc218780962e996755c29d6a;hpb=e45e218c4f629ec63f0788cab231bfc88b3fa46e;p=mailer.git
diff --git a/inc/modules/admin/admin-inc.php b/inc/modules/admin/admin-inc.php
index 7817289f93..b7537c8b60 100644
--- a/inc/modules/admin/admin-inc.php
+++ b/inc/modules/admin/admin-inc.php
@@ -14,11 +14,9 @@
* $Date:: $ *
* $Tag:: 0.2.1-FINAL $ *
* $Author:: $ *
- * Needs to be in all Files and every File needs "svn propset *
- * svn:keywords Date Revision" (autoprobset!) at least!!!!!! *
* -------------------------------------------------------------------- *
* Copyright (c) 2003 - 2009 by Roland Haeder *
- * Copyright (c) 2009, 2010 by Mailer Developer Team *
+ * Copyright (c) 2009 - 2011 by Mailer Developer Team *
* For more information visit: http://www.mxchange.org *
* *
* This program is free software; you can redistribute it and/or modify *
@@ -74,32 +72,40 @@ function addAdminAccount ($adminLogin, $passHash, $adminEmail) {
// This function will be executed when the admin is not logged in and has submitted his login data
function ifAdminLoginDataIsValid ($adminLogin, $adminPassword) {
- // First of all, no admin login is found
+ // First of all, no admin login is found, so the admin hash is null
$ret = '404';
+ $adminHash = null;
- // Then we need to lookup the login name by getting the admin hash
- $adminHash = getAdminHash($adminLogin);
+ // Get admin id from login
+ $adminId = getAdminId($adminLogin);
- // If this is fine, we can continue
- if ($adminHash != '-1') {
- // Get admin id and set it as current
- setCurrentAdminId(getAdminId($adminLogin));
+ // Continue only with found admin ids
+ if ($adminId > 0) {
+ // Then we need to lookup the login name by getting the admin hash
+ $adminHash = getAdminHash($adminId);
- // Now, we need to encode the password in the same way the one is encoded in database
- $testHash = generateHash($adminPassword, $adminHash);
+ // If this is fine, we can continue
+ if ($adminHash != '-1') {
+ // Get admin id and set it as current
+ setCurrentAdminId($adminId);
- // If they both match, the login data is valid
- if ($testHash == $adminHash) {
- // All fine
- $ret = 'done';
- } else {
- // Set status
- $ret = 'pass';
- }
+ // Now, we need to encode the password in the same way the one is encoded in database
+ $testHash = generateHash($adminPassword, $adminHash);
+
+ // If they both match, the login data is valid
+ if ($testHash == $adminHash) {
+ // All fine
+ $ret = 'done';
+ } else {
+ // Did not match!
+ $ret = 'password';
+ }
+ } // END - if
} // END - if
// Prepare data array
$data = array(
+ 'id' => $adminId,
'login' => $adminLogin,
'plain_pass' => $adminPassword,
'pass_hash' => $adminHash
@@ -124,7 +130,7 @@ function ifAdminCookiesAreValid ($adminLogin, $passHash) {
if ($adminHash != '-1') {
// Now, we need to encode the password in the same way the one is encoded in database
$testHash = encodeHashForCookie($adminHash);
- //* DEBUG: */ outputHtml('adminLogin='.$adminLogin.',
passHash='.$passHash.',
adminHash='.$adminHash.',
testHash='.$testHash.'
');
+ //* DEBUG: */ debugOutput('adminLogin=' . $adminLogin . ',passHash='.$passHash.',adminHash='.$adminHash.',testHash='.$testHash);
// If they both match, the login data is valid
if ($testHash == $passHash) {
@@ -132,12 +138,12 @@ function ifAdminCookiesAreValid ($adminLogin, $passHash) {
$ret = 'done';
} else {
// Set status
- $ret = 'pass';
+ $ret = 'password';
}
} // END - if
// Return status
- //* DEBUG: */ outputHtml('ret='.$ret);
+ //* DEBUG: */ debugOutput('ret='.$ret);
return $ret;
}
@@ -146,7 +152,7 @@ function doAdminAction () {
// Get default what
$what = getWhat();
- //* DEBUG: */ outputHtml(__LINE__.'*'.$what.'/'.getModule().'/'.getAction().'/'.getWhat().'*
');
+ //* DEBUG: */ debugOutput(__LINE__.'*'.$what.'/'.getModule().'/'.getAction().'/'.getWhat().'*');
// Remove any spaces from variable
if (empty($what)) {
@@ -160,16 +166,16 @@ function doAdminAction () {
// Get action value
$action = getActionFromModuleWhat(getModule(), $what);
- // Define admin login name and id number
- $content['login'] = getSession('admin_login');
- $content['id'] = getCurrentAdminId();
-
- // Preload templates
+ // Load welcome template
if (isExtensionActive('admins')) {
- $content['welcome'] = loadTemplate('admin_welcome_admins', true, $content);
+ // @TODO This and the next getCurrentAdminId() call might be moved into the templates?
+ $content['welcome'] = loadTemplate('admin_welcome_admins', true, getCurrentAdminId());
} else {
- $content['welcome'] = loadTemplate('admin_welcome', true, $content);
+ $content['welcome'] = loadTemplate('admin_welcome', true, getCurrentAdminId());
}
+
+ // Load header, footer, render menu
+ $content['header'] = loadTemplate('admin_header' , true, $content);
$content['footer'] = loadTemplate('admin_footer' , true, $content);
$content['menu'] = addAdminMenu($action, $what, true);
@@ -210,14 +216,14 @@ LIMIT 1",
loadInclude($inc);
} elseif ($GLOBALS['acl_allow'] === false) {
// Access denied
- loadTemplate('admin_menu_failed', false, getMaskedMessage('ADMIN_ACCESS_DENIED', $what));
+ loadTemplate('admin_menu_failed', false, '{%message,ADMIN_ACCESS_DENIED=' . $what . '%}');
} else {
- // Include file not found! :-(
- loadTemplate('admin_menu_failed', false, getMaskedMessage('ADMIN_ACTION_404', $action));
+ // Include file not found :-(
+ loadTemplate('admin_menu_failed', false, '{%message,ADMIN_ACTION_404=' . $action . '%}');
}
} else {
- // Invalid action/what pair found!
- loadTemplate('admin_menu_failed', false, getMaskedMessage('ADMIN_ACTION_INVALID', $action . '/' . $what));
+ // Invalid action/what pair found
+ loadTemplate('admin_menu_failed', false, '{%message,ADMIN_ACTION_INVALID=' . $action . '/' . $what . '%}');
}
// Free memory
@@ -227,8 +233,22 @@ LIMIT 1",
loadTemplate('admin_main_footer', false, $content);
}
+// Checks wether current admin is allowed to access given action/what combination
+// (only one is allowed to be null!)
+function isAdminAllowedAccessMenu ($action, $what = null) {
+ // Do we have cache?
+ if (!isset($GLOBALS[__FUNCTION__][$action][$what])) {
+ // ACL is always 'allow' when no ext-admins is installed
+ // @TODO This can be rewritten into a filter
+ $GLOBALS[__FUNCTION__][$action][$what] = ((!isExtensionInstalledAndNewer('admins', '0.2.0')) || (isAdminsAllowedByAcl($action, $what)));
+ } // END - if
+
+ // Return the cached value
+ return $GLOBALS[__FUNCTION__][$action][$what];
+}
+
// Adds an admin menu
-function addAdminMenu ($action, $what, $return=false) {
+function addAdminMenu ($action, $what, $return = false) {
// Init variables
$SUB = false;
$OUT = '';
@@ -249,29 +269,23 @@ ORDER BY
`id` DESC", __FUNCTION__, __LINE__);
// Do we have entries?
- if (SQL_NUMROWS($result_main) > 0) {
+ if (!SQL_HASZERONUMS($result_main)) {
$OUT .= '